While Apple's app review process and app sandboxing are keeping iOS users relatively safe from malware, dangerous new threats could emerge through exploits involving iOS profiles, also known as mobileconfig files, warns a new report by Skycure Security.
So far, iOS users are in "pretty good condition when it comes to security," according to the report. For one thing, Apple's stringent app review process makes it difficult for hackers to place malicious apps in the App Store.
Also, Apple uses app sandboxing to make sure that, even if a malicious app reaches an iOS device, it will have limited permissions and capabilities. A sandboxed app cannot change system-level settings, and its access to resources is restricted.
However, the researchers at Skycure also foresee the potential for attackers to circumvent Apple's security model and "perform significant damage to their victims" by tampering with mobileconfig files on iOS mobile devices.
These mobileconfig files are used legitimately by wireless carriers, some mobile apps, and enterprise Mobile Device Management (MDM) solutions to configure important system-level settings such as Wi-Fi, email, VPN, and APN settings.
Malicious Mobileconfig Files
On the other hand, a "malicious profile could be used to remotely control mobile devices, monitor and manipulate user activity and hijack user sessions. In addition to being able to route all of the victim's traffic through the attacker's server, a more interesting and hazardous characteristic of malicious profiles is the ability to install root certificates on victims' devices," according to Skycure.
"This makes it possible to seamlessly intercept and decrypt SSL/TLS secure connections, on which most applications rely to transfer sensitive data. A few concrete impact examples include: stealing one's Facebook, LinkedIn, mail and even bank identities and acting on his/her behalf in these accounts, potentially creating havoc."
How Might Users Get Duped?
How might attackers lure victims into installing these malicious files? In one scenario raised by Skycure, hackers might offer users free access to popular movies and TV shows on a Web site, in exchange for installing "an iOS profile that will 'configure' their devices accordingly." (For an example of a hypothetical Web site of this kind, see screen shot at right.)
In another scenario, attackers would send out an email promising users "better battery performance" or just "something cool to watch" upon installation.
To avoid exploits based on malicious mobileconfig files, the researchers recommend that iOS profiles should be installed only from "trusted websites or applications"; that profiles should be downloaded only from "secure channels" (links that start with https rather than http); and that users should "beware of non-verified mobileconfigs."
Not coincidentally, Skycure is currently developing a mobile firewall with a cloud component aimed at keeping devices safe from these kinds of exploits, for example by "verifying" mobileconfig files.
Skycure also suggested that wireless carriers need to be sure that mobileconfig files used for configuring customers' APN settings in mobile stores are downloaded only through encrypted channels.
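A defender-side check for the recommendations above, as an added example that is not from Skycure or the original article: it inspects a downloaded, unsigned mobileconfig file and lists the payloads that could reroute traffic or install a root certificate. The payload type strings are Apple's documented identifiers; the `audit_profile` helper, the sample profile and the URLs are constructed for illustration.

```python
import plistlib
from urllib.parse import urlparse

# Payload types tied to the risks above: traffic rerouting and trusted roots.
RISKY_PAYLOADS = {
    "com.apple.security.root": "installs a trusted root certificate",
    "com.apple.vpn.managed": "routes traffic through a VPN server",
    "com.apple.proxy.http.global": "routes HTTP traffic through a proxy",
    "com.apple.apn.managed": "changes carrier APN settings",
    "com.apple.wifi.managed": "adds or changes a Wi-Fi network",
}

def audit_profile(data: bytes, source_url: str) -> list[str]:
    """Return human-readable findings for a downloaded .mobileconfig file."""
    findings = []
    if urlparse(source_url).scheme.lower() != "https":
        findings.append("downloaded over a non-HTTPS channel")
    if data[:1] == b"\x30":
        # 0x30 starts a DER SEQUENCE: the profile is wrapped in a CMS signature.
        # Signer verification needs a CMS library and is out of scope here.
        findings.append("signed profile: verify the signer before trusting it")
        return findings
    findings.append("unsigned profile")
    try:
        profile = plistlib.loads(data)
    except Exception:  # malformed XML or binary property list
        findings.append("not a parseable property list")
        return findings
    payloads = profile.get("PayloadContent") if isinstance(profile, dict) else None
    for payload in payloads if isinstance(payloads, list) else []:
        ptype = payload.get("PayloadType") if isinstance(payload, dict) else None
        if ptype in RISKY_PAYLOADS:
            findings.append(f"{ptype}: {RISKY_PAYLOADS[ptype]}")
    return findings

# Constructed sample profile (not from the report); all values are placeholders.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Free streaming setup",
    "PayloadContent": [
        {"PayloadType": "com.apple.security.root", "PayloadContent": b"placeholder-der"},
        {"PayloadType": "com.apple.vpn.managed", "VPNType": "IPSec"},
        {"PayloadType": "com.apple.webClip.managed", "URL": "https://example.invalid/"},
    ],
})

if __name__ == "__main__":
    for line in audit_profile(SAMPLE, "http://example.invalid/setup.mobileconfig"):
        print(line)
```

A profile that reports a root certificate together with a VPN or proxy payload matches the interception scenario the report describes and deserves manual review before installation.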
The company presented its findings this week at the Herzliya security conference in Israel.